Authenticating Subversion users

Subversion clients must supply a valid CollabNet username and password to access the repository.

Your repository's URL is constructed by adding /svn/projectname after your project's main URL.

Note: We recommend that you check out /svn/projectname/trunk, not the root of the repository.

If your CollabNet site is configured to use https:// instead of http://, then you must also use https:// to access the Subversion repository. This mode of operation securely encrypts all messages over the connection, including your password.

For example, using the command line client, this command:

$ svn co http://project.domain/svn/project/trunk project

Returns this result:

Authentication realm: <http://project.domain:80> CollabNet Subversion Repository
Password for 'username': XXXXX

A  project/
A  project/www
A  project/www/index.html
Checked out revision 1.

Authenticating with SSL

Your CollabNet site requires two levels of authentication: first, your HTTP client (web-browser) client must provide an SSL client certificate to the server. After that, the HTTP client must supply a standard CollabNet username and password. Because the Subversion client is also an HTTP client, it must supply these same credentials.

Assuming you already have a valid client certificate installed in your web browser, you can tell your browser to "export" the certificate in PKCS#12 format. Save that file somewhere on disk (for example, /some/path/to/cert.p12), then present it to the Subversion client when it asks. For example:

$ svn co https://project.domain/svn/project/trunk project

Authentication realm: https://project.domain:443
Client certificate filename: /some/path/to/cert.p12
Passphrase for '/some/path/to/cert.p12': XXXXXXX
Password for 'username': XXXXXX

A  project/
A  project/www
A  project/www/index.html
Checked out revision 1.

After the Subversion client has successfully authenticated, it automatically attempts to cache the credentials in the user's run-time config area. See Version Control with Subversion for how to prevent this on-disk caching.

While the basic CollabNet username/password pair is cached on disk, the client certificate location is not. To avoid being prompted for the certificate location every time, modify your run-time servers file to point to the certificate. See "Version Control with Subversion" for information about automating client certificates.

Important: Consult your local security policies regarding stored passwords. It may be fine to point your servers file to the certificate itself, but you may not want to store the certificate's passphrase on disk.

Top | Help index